The Best DerbyCon 2014 Talks for Red Teams – blog.cobaltstrike.com
DerbyCon is one of Raphael Mudge’s favorite conferences. Here is a list of talks from DerbyCon by Raphael that are most relevant to red team operations.

theZoo – github.com
A repository of LIVE malwares for your own joy and pleasure. theZoo is a project created to make the possibility of malware analysis open and available to the public.

Techniques

LM Hash Cracking – Rainbow Tables vs GPU Brute Force – netspi.com
Karl Fosaaen can’t totally justify saying that using oclHashcat/Hashcat is faster for cracking LM hashes, but given their setup, it’s still pretty fast. That being said, if you don’t have your own GPU cracking rig, you will definitely be better off using Rainbow tables, especially if you multi-thread it on a solid state drive.

Vulnerabilities

Yahoo Servers Were Owned By Bash Bug Hackers – forbes.com
At least two Yahoo servers were compromised over the weekend by hackers exploiting the infamous Shellshock vulnerability, resident in command line processor Bash. A spokesperson for the company said they had locked down an isolated incident, but wouldn’t reveal much more about the apparent attack.

FBI Pays Visit to Researcher Who Revealed Yahoo Hack – wired.com
Jonathan Hall went out of his way to spotlight a network of compromised computer servers that, he says, are controlled by Romanian hackers. He published his findings on his blog, saying he simply wanted to help these companies clean up a nasty computer problem. But with his aggressive investigation, he may have run afoul of the nation’s anti-hacking law, the Computer Fraud and Abuse Act, or CFAA.

U.S. Police Are Giving Away Keylogging Software as a ‘Safety’ Measure – gizmodo.com
The way ComputerCOP works is neither safe nor secure. It isn’t particularly effective either, except for generating positive PR for the law enforcement agencies distributing it. Law enforcement agencies should cease distributing copies immediately and tell parents not to use it.

Borked Belkin routers leave many unable to get online – arstechnica.com
Owners of Belkin routers around the world are finding themselves unable to get online today. Outages appear to be affecting many different models of Belkin router, and they’re hitting customers on any ISP, with Time Warner Cable and Comcast among those affected.

Meet the NSA’s hacker recruiter – cnbc.com
Rocked by the Edward Snowden disclosures and facing stiff competition for top talent from high-paying Silicon Valley firms, the nation’s cyberspy agency is looking to recruit a new generation of college hackers and tech experts. Recently, CNBC sat down with LaFountain in a conference room at NSA’s National Cryptologic Museum to talk about recruiting in the post-Snowden era.

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.